Government news, analysis and commentary

The Environmental Protection Agency is taking the Obama administration’s “cloud first” policy on information technology to heart. All of the agency’s applications, systems and services are under consideration for migration to a cloud-computing environment.

“Everything is on the table for discussion,” said Malcolm Jackson, EPA assistant administrator for the Office of Environmental Information and chief information officer. “I ask the question, ‘Why not cloud?’ Everything is an option. We don’t have any sacred cows.”

If EPA can derive the same or higher level of service by moving applications to a cloud environment instead of building and hosting them in-house, then it’s simply a matter of weighing costs and “making a determination of what makes the most sense for us as agency,” Jackson said.

When the Office of Management and Budget, through former U.S. chief information officer Vivek Kundra’s 25-point plan for federal IT reform, last year mandated that agencies identify three “must move” services to the cloud, Jackson and his team got together and surveyed their entire IT portfolio for cloud options.

“I know the 25-point plan asks us to identify three, but we actually looked harder at that,” he said. “We looked at what other opportunities existed that we could take to a cloud-based solution. We’ve identified those as well.”

EPA’s IT shop takes a highly methodical approach to decision making about cloud migration, even as increasingly specific migration guides for federal agencies have become available.

“We do a business case analysis, laying out the pros and cons to help us understand just what the opportunities are in front of us,” Jackson said. “We use a risk-based approach in making decisions, looking at risk mitigation and understanding where we have upside or downside.”

For the OMB mandate, the team chose Internet security services, its enterprise service desk infrastructure and its e-mail services.

At the time of the mandate, EPA was already in the process of migrating perimeter security and detection systems for its wide area network to a private cloud hosted by AT&T.

“We choose AT&T because of their experience,” Jackson said. “They provide the same service for themselves, they’re much larger than we are and they have a lot of private information and data that they’re passing. We feel pretty good about the decision that was made.”

Now complete, the move of its security services to cloud has already reaped benefits for the agency. “We increased our bandwidth on our wide area network,” Jackson said. “The increased traffic across your wide area network increases the possibility of threats. But [AT&T is] able to manage that increased bandwidth and ensure that we still have secure data and information on our network” without increasing costs.

The enterprise service and help desk migration is still in the business case analysis stage, Jackson said.

“This is an easy one for us from a concept standpoint– moving to one enterprise service desktop,” he said. “Today we have multiple desktop solutions and multiple desktop infrastructures. It’s very similar to a lot of other federal agencies and departments. EPA has a federated or distributed [IT] model and it’s grown up over time.”

“What we want to do is move toward consolidation where it makes sense and drive efficiencies across the organization,” he added. “If we do it the right way, we’ll be able to reduce our costs, [which will give us] opportunities for reinvestments in technology or business interests as an agency.” The cloud model is expected to consolidate 12 existing EPA help desks. Officials plan to complete the migration by March or April of next year, Jackson said.

Officials haven’t decided whether to move desktop services to a private or public cloud, but Jackson is leaning toward the latter. “I see this more as a public cloud, given the information that’s on it,” he said. “It’s a help desk. It’s not private.”

In general, whether to go a private cloud or a public cloud depends on the sensitivity of the data that will cross the network, Jackson said. “For me, it depends on whether you have intellectual property or secret information that you don’t want shared,” he said. “Then you pay the additional costs and go down the private side of it.”

Moving EPA’s e-mail system, which has 23,000 users across the country, to the cloud also was an easy decision, according to Jackson. The IT shop had already begun consolidating e-mail services to four locations before the OMB mandate came down. “We had email servers all over the place, by region, by research centers and things of that nature,” he said.

The e-mail move is still in the analysis stage, so officials still haven’t determined whether to go to a public cloud or a private cloud. As part of its analysis, Jackson and his team are exchanging ideas with other agencies that are migrating e-mail services to the cloud under the OMB mandate, including the General Services Administration and the Interior Department. EPA expects to finalize its plan for e-mail by December.

Overall, EPA’s “everything’s on the table” approach to cloud migration should serve as a potential model for other federal agencies and departments.

“There is a mindset among [federal] folks who believe they want to create their own solutions,” Jackson said. “But there are a lot [cloud] solutions out there today that provide very similar capabilities. The lesson learned to engage [agency] business leaders and help them understand some of the ways to remove complexity as much as possible and streamline our business processes so we can leverage more out of the box solutions. That’s what the cloud is all about.”